The Default Authenticator supports the storage of the user object onto the request.
user variable on the request is set on
login() and removed on
logout(). Its presence is used to determine whether a user is authenticated or not.
In addition, the Passport.js
logout functions are supported. If they are available on the request, they will be invoked.
req.session is supported. If
req.session is available, its
save() method will be called to persist session state after login and after logout.
There is no additional configuration required.